I have a server on an internal network that publishes web pages. I need access to these web pages from random clients on the Internet. The problem is that I don't have control of the firewall this server is behind. On the other hand, I do have access to a public server on an entirely different network. (OSes are flexible: I have access to both Windows and Linux servers on both sides.)
Here's what I'm sort of looking to do:
That is:
- Client hits a port on my public server.
- That port is forwarded (tunneled?) to the internal network.
- Web page is served back to the client.
SSH tunneling doesn't seem quite right. Would a site-to-site VPN could do the trick? Is there a simpler option?
OK, I'll make this an answer then. I assume the internal server you control (ISIC) is allowed outbound ssh to the public server you control (PSIC). From ISIC ssh to PSIC like so:
This causes ssh to listen on port 80 of PSIC because of
*:80and then forward that to port 80 on ISIC because oflocalhost:80. It functions exactly like X forwarding.I'm not sure how you could pull this off if you can't modify the firewall. The whole point of a firewall is to block unwanted traffic, so if you can't tell the firewall "I want this traffic" I would imagine it would just do it's job.
Can the "Public Server I Control" already communicate with the "Internal Server I Control"?
A solution such as LogMeIn provides this functionality by doing a "meet in the middle" type connection. There are also other solutions such as GoToMyPC.
LogMeIn has a free product which makes it my preferred solution: https://secure.logmein.com/products/free/
LogMeIn also acquired the popular Hamachi solution (recommended by Steve Gibson from Security Now podcast and the Twit network), the wiki page has additional details as well as links to other solutions you could consider. http://en.wikipedia.org/wiki/Hamachi_%28software%29
Ask for a VPN and use it to Remote Desktop to your desktop workstation.
Then you're "inside your network" and can access what you need.
If you can't get a vpn, gotomypc or linkmein may accomplish the same thing.
Also (and sorry to preach or state the obvious) if you don't control the firewall, are you actually supposed to be doing this?
I mention it as if you're trying to bypass restrictions your company has in place it could end very very badly for you - something to be aware of.
Ultimately, if the goal is for "Starbucks Client" to be able to browse seamlessly to http://internal.server and for that to be the pages on your internal server, I can't think of a single way of doing it so it's pulling the pages directly from your internal server if you can't get a hole of any sort in through your firewall.
You do have options if Starbucks Client can connect to http://your.server though they're going to be bodgy at best i.e. create a VPN tunnel outbound from your LAN to your server and use redirect/forwarding of some sort with a firewall.
How often do the pages update? Could you just use rsync or something to push them out to your server if they change, or are they pulling content from a database or something?